GB/T 40857-2021 Technical requirements and test methods for cybersecurity of vehicle gateway
1 Scope
This document specifies the technical requirements for cybersecurity of hardware, communication and firmware data of vehicle gateway products as well as their test methods.
It is applicable to the design and realization of cybersecurity for vehicle gateway products, and may also be used for product testing, evaluation and management.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 25069 Information security techniques - Terminology
GB/T 37935-2019 Information security technology - Trusted computing specification - Trusted software base
GB/T 40861 General technical requirements for vehicle cybersecurity
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069, GB/T 37935-2019, GB/T 40861 and the following apply.
3.1
vehicle gateway
electronic control unit mainly used to safely and reliably forward and transmit data between multiple networks in a vehicle
Note 1: Through network isolation and communication protocol conversion, the vehicle gateway may perform information interaction between functional domains sharing communication data.
Note 2: The vehicle gateway is also called the central gateway.
3.2
backdoor
channel that is able to bypass the control of security mechanisms such as system authentication and enter the information system
[Source: GB/T 40861-2021, 3.12]
3.3
entity of root of trust
functional module used to support the establishment and transfer of trust chain of trusted computing platform, and can provide external services such as integrity measurement, secure storage and cryptographic computation
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Network topology of vehicle gateway
5.1 CAN gateway
5.2 Ethernet gateway
5.3 Hybrid gateway
6 Technical requirements
6.1 Requirements for cybersecurity of hardware
6.2 Requirements for cybersecurity of communication
6.3 Requirements for cybersecurity of firmware
6.4 Requirements for cybersecurity of data
7 Test methods
7.1 Test on cybersecurity of hardware
7.2 Test on cybersecurity of communication
7.3 Test on cybersecurity of firmware
7.4 Test on cybersecurity of data
Annex A (Informative) Example of vehicle gateway topology
Annex B (Informative) Examples of typical attacks
Bibliography
GB/T 40857-2021 Technical requirements and test methods for cybersecurity of vehicle gateway
1 Scope
This document specifies the technical requirements for cybersecurity of hardware, communication and firmware data of vehicle gateway products as well as their test methods.
It is applicable to the design and realization of cybersecurity for vehicle gateway products, and may also be used for product testing, evaluation and management.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 25069 Information security techniques - Terminology
GB/T 37935-2019 Information security technology - Trusted computing specification - Trusted software base
GB/T 40861 General technical requirements for vehicle cybersecurity
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069, GB/T 37935-2019, GB/T 40861 and the following apply.
3.1
vehicle gateway
electronic control unit mainly used to safely and reliably forward and transmit data between multiple networks in a vehicle
Note 1: Through network isolation and communication protocol conversion, the vehicle gateway may perform information interaction between functional domains sharing communication data.
Note 2: The vehicle gateway is also called the central gateway.
3.2
backdoor
channel that is able to bypass the control of security mechanisms such as system authentication and enter the information system
[Source: GB/T 40861-2021, 3.12]
3.3
entity of root of trust
functional module used to support the establishment and transfer of trust chain of trusted computing platform, and can provide external services such as integrity measurement, secure storage and cryptographic computation
Contents of GB/T 40857-2021
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Network topology of vehicle gateway
5.1 CAN gateway
5.2 Ethernet gateway
5.3 Hybrid gateway
6 Technical requirements
6.1 Requirements for cybersecurity of hardware
6.2 Requirements for cybersecurity of communication
6.3 Requirements for cybersecurity of firmware
6.4 Requirements for cybersecurity of data
7 Test methods
7.1 Test on cybersecurity of hardware
7.2 Test on cybersecurity of communication
7.3 Test on cybersecurity of firmware
7.4 Test on cybersecurity of data
Annex A (Informative) Example of vehicle gateway topology
Annex B (Informative) Examples of typical attacks
Bibliography